04-17-2020 04:44 AM
Hi
We have a clientless VPN and app set up to use https on tcp 8443 but the page is not displaying at all. Connectivity has been proven end to end so all the rules are in place.
The app points to a webserver that hosts a portal and uses Javascript.
Some debugging was carried out on the client browser side and a comparison of going through the clientless VPN and not going through the VPN showed the Palo inserting various code. I know the Palo does URL re-writes but can anyone explain what the "pan_eval((function()" and "?gp-7" is? I guess it's something to do with Java but unfortunately I have no experience of it.
Many thanks.
Paul.
These are some of the extracts from the debug whilst going through the VPN and the inserted elements:
<script src="https://xxx.xxx.xxx.254/global-protect/vpn-js/pan_js_all_181s.js"></script><base href="/http-8443/xxx.xxx.xxx.31/aiv/">
<script type="text/javascript" src="assets/js/css-vars-ponyfill.min.js?gp-7"></script>
<script type="text/javascript">
pan_eval((function()
This whole content has been added by the Palo:
).toString().slice(12, -2),__pan_site_rules,1);</script>
<link rel="stylesheet" href="assets/css/vendor/katex.min.css" defer />
<link rel="stylesheet" href="assets/css/vendor/prism.css" defer />
<link rel="stylesheet" href="assets/css/vendor/notebook.css" defer />
<link rel="stylesheet" href="assets/css/nbpreview.css" defer />
<link rel="stylesheet" href="assets/css/cssvariables.css" />
<link rel="stylesheet" href="styles.css"></head>
This is where ?gp-7 added
<body>
<app-root></app-root>
<script src="assets/js/jquery-3.4.1.min.js?gp-7" defer></script>
<script src="assets/js/jquery.sparkline.min.js?gp-7" defer></script>
<script src="assets/js/d3.min.js?gp-7" defer></script>
<script src="assets/js/raw.js?gp-7" defer></script>
<script src="assets/js/papaparse.min.js?gp-7" defer></script>
<script src="assets/js/pivot.js?gp-7" defer></script>
<script src="assets/js/jcf.js?gp-7" defer></script>
<script src="assets/js/jsencrypt.js?gp-7" defer></script>
<script src="assets/js/katex-0.6.0.js?gp-7" defer></script>
<script type="text/javascript" src="assets/js/vendor/es5-shim.min.js?gp-7" defer></script>
<script type="text/javascript" src="assets/js/vendor/marked.min.js?gp-7" defer></script>
<script type="text/javascript" src="assets/js/vendor/ansi_up.min.js?gp-7" defer></script>
<script type="text/javascript" src="assets/js/vendor/prism.min.js?gp-7" defer></script>
<script type="text/javascript" src="assets/js/vendor/katex.min.js?gp-7" defer></script>
<script type="text/javascript" src="assets/js/vendor/katex-auto-render.min.js?gp-7" defer></script>
<script type="text/javascript" src="assets/js/vendor/notebook.min.js?gp-7" defer></script>
<script src="runtime.js?gp-7"></script><script src="polyfills.js?gp-7"></script><script src="scripts.js?gp-7"></script><script src="main.js?gp-7"></script></body>
06-16-2020 03:45 AM
Hi,
We finally got this working.
Under "Network\GlobalProtect\Clientless Apps" we had an application with the "Application Home URL" configured with an IP address rather than a URL with the server hostname. Once this was changed we could connect to the server OK.
Hope this helps.
Paul.
06-07-2020 09:39 PM
Hi all, I'm also facing the same issue. Seems like the javascript that global protect wraps stops it from loading. Has anyone found a solution to this?
06-16-2020 03:45 AM
Hi,
We finally got this working.
Under "Network\GlobalProtect\Clientless Apps" we had an application with the "Application Home URL" configured with an IP address rather than a URL with the server hostname. Once this was changed we could connect to the server OK.
Hope this helps.
Paul.
09-15-2022 05:37 AM
hey,
that didn't work for us. All of our applications have an FQDN URL entered, but we're still having the issues described above. The only thing that helps us is if you outsource the Javascript files to an external server and exclude them from the clientlessvpn configuration. It looks like the reverse proxy is not properly ending the javascript files with a parenthesis. This is displayed to me in the web developer window of the google chrome browser.
best regards
10-21-2022 12:48 PM
Seem like I'm facing this issue too.
For my scenario, web page doesn't update after press confirm button on popup.
I try to debug, compare and found some strange in java script section, I need to consoult with TAC and web team.
12-01-2022 08:36 AM
In my case was the Hostname of the Clientless VPN Portal that was with an IP, we changed it to a valid hostname and got resolved even when the internal apps configured with an IP.
12-01-2022 11:47 PM
You mean here right?:
That's already a DNS name and not an IP address, unfortunately that's not our problem, but thanks for the tip.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
